Recent Attack

Kyle123

Well-known Member
Joined
Jan 24, 2012
Messages
2,714
RE the recent attack, was any data exposed? Should people be changing their passwords?
 

HackSlash

Active Member
Joined
Nov 18, 2016
Messages
360
How do you know the "maintenance" was due to an attack? I don't see a note here in the forums. Do you have a link?
 

Kyle123

Well-known Member
Joined
Jan 24, 2012
Messages
2,714
There was a banner saying as much, however it has since disappeared
 

HackSlash

Active Member
Joined
Nov 18, 2016
Messages
360
Gotcha, it is back "Following an attack on the forum yesterday, we had to restore the database from the latest safe backup. Unfortunately that involved losing all posts and new user registrations from the last 36 hours. We apologize for the inconvenience caused to our members, but it was the safest course of action that we could take."
 

Joe4

MrExcel MVP, Junior Admin
Joined
Aug 1, 2002
Messages
56,915
Office Version
  1. 365
Platform
  1. Windows

ADVERTISEMENT

It is doubtful they had access to passwords, as they are not stored in a readable format (if anyone asks for their password, we can only reset them, as we cannot see what they currently are).

But it is never a bad idea to change your passwords from time-to-time.
 

HackSlash

Active Member
Joined
Nov 18, 2016
Messages
360
"doubtful" ? Are you guys performing a forensic analysis of the attack to see what happened?

There are many ways to break encryption depending on what they got in to. If they have your user database they can brute force it against a rainbow table and show all the users with simple passwords, like has been done in other major breaches.
 

Joe4

MrExcel MVP, Junior Admin
Joined
Aug 1, 2002
Messages
56,915
Office Version
  1. 365
Platform
  1. Windows

ADVERTISEMENT

Thanks for your concerns. The Admins (and I am not one of them) are handling this.
If you have any concerns, then by all means change your password.
 

Kyle123

Well-known Member
Joined
Jan 24, 2012
Messages
2,714
vBulletin hasn't exactly got a glowing reputation for security (especially when it's not up to date) when it comes to storing passwords - have a look here: https://www.troyhunt.com/data-breaches-vbulletin-and-weak/

Even if hackers may have had access to the user table then the responsible thing to do would be to email users and advise them to change their password. The problem is that users tend to use the same password all over the web and should a hacker have access to both the username and password, they have access to wherever the user has used it.

Assuming that the hacker can reasonably get 20% of the passwords, that's nearly 70,000 users of this community with potentially access to emails compromised.

There's no stigma attached to advising users to change passwords, it happens all the time even to the big boys like adobe.
 

Krayons

Board Regular
Joined
Sep 9, 2016
Messages
232
RE the recent attack, was any data exposed? Should people be changing their passwords?

To anyone reading this thread, considering the lack of information provided regarding the attack, I highly recommend and urge you to please change your password. If the password you use on MrExcel.com is used anywhere else, especially your email or any financial institutions, be sure to change those immediately.

Most of the time, hackers don't attack websites for the "lulz". They are almost always after information; usually email addresses (so as to sell them) and passwords.

I also cannot stress enough the importance of using strong passwords. LastPass is an amazing tool. With it, every single one of my accounts all use a unique 20 character password. (EG: &8y*^Ex4Zvk$&S!7A9nV) The odds of it being brute forced, are so astronomically small, that I have absolutely zero concerns as a result.

Good luck.

Edit:

In lieu of this, I also cannot stress enough, how bad it is to actively display to the world, that MrExcel.com is using outdated vBulletin software. I also highly recommend that the admins remove the version number from appearing at the bottom of this website.
 
Last edited:

Kyle123

Well-known Member
Joined
Jan 24, 2012
Messages
2,714
I'd just like to draw attention to this once again. All the usernames, passwords and email addresses from this attack have now turned up online. If you haven't changed your password yet, I urge you to do so (especially if it's used anywhere else)
 

Watch MrExcel Video

Forum statistics

Threads
1,129,468
Messages
5,636,485
Members
416,919
Latest member
twc2c

We've detected that you are using an adblocker.

We have a great community of people providing Excel help here, but the hosting costs are enormous. You can help keep this site running by allowing ads on MrExcel.com.
Allow Ads at MrExcel

Which adblocker are you using?

Disable AdBlock

Follow these easy steps to disable AdBlock

1)Click on the icon in the browser’s toolbar.
2)Click on the icon in the browser’s toolbar.
2)Click on the "Pause on this site" option.
Go back

Disable AdBlock Plus

Follow these easy steps to disable AdBlock Plus

1)Click on the icon in the browser’s toolbar.
2)Click on the toggle to disable it for "mrexcel.com".
Go back

Disable uBlock Origin

Follow these easy steps to disable uBlock Origin

1)Click on the icon in the browser’s toolbar.
2)Click on the "Power" button.
3)Click on the "Refresh" button.
Go back

Disable uBlock

Follow these easy steps to disable uBlock

1)Click on the icon in the browser’s toolbar.
2)Click on the "Power" button.
3)Click on the "Refresh" button.
Go back
Top